Hosting providers that use WHMCS often run into security-related problems. With a few custom ModSecurity rules, however, this protection can be strengthened somewhat. Let's see how to add the custom ModSecurity rules. First, make sure ModSecurity is installed on the WHM server; if it is not, install it now by rebuilding EasyApache. Then go to Security Center > ModSecurity Tool > Rules List > Add Rule on the WHM server and add the rules below. Now click the Save button and restart Apache.
# WHMCS Protect Important Tables
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tbladmins" "id:00001,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tbladmins" "id:00002,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblclients" "id:00003,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblclients" "id:00004,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblhosting" "id:00005,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblhosting" "id:00006,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblservers" "id:00007,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblservers" "id:00008,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tbltickets" "id:00009,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tbltickets" "id:00010,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblregistrars" "id:00011,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblregistrars" "id:00012,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblcontacts" "id:00013,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblcontacts" "id:00014,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblemails" "id:00015,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblemails" "id:00016,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblinvoices" "id:00017,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblinvoices" "id:00018,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblorders" "id:00019,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblorders" "id:00020,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblpaymentgateways" "id:00021,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblpaymentgateways" "id:00022,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblverificationdata" "id:00023,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblverificationdata" "id:00024,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblgatewaylog" "id:00025,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblgatewaylog" "id:00026,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tbldomains" "id:00027,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tbldomains" "id:00028,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tbladminlog" "id:00029,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tbladminlog" "id:00030,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblaccounts" "id:00031,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tblaccounts" "id:00032,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
# WHMCS Generic DB Protection (Change database_name to your database name!)
SecRule REQUEST_URI|ARGS|REQUEST_BODY "database_name" "id:00050,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "database_name" "id:00051,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "outfile" "id:00052,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "outfile" "id:00053,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
# WHMCS Specific Exploits
SecRule REQUEST_URI|ARGS|REQUEST_BODY "aes_encrypt" "id:00101,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "aes_encrypt" "id:00102,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tablejoin" "id:00103,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "tablejoin" "id:00104,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "invoiceids" "id:00105,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:'WHMCS'"
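An offline way to see what these deny rules will match before enabling them, as an added example that is not part of the original post: the Python below approximates the transformation chain of the rules without t:hexDecode and reports which of the page's patterns a request value would trigger. The sample values are constructed, and the Python functions are assumed stand-ins for ModSecurity's transformations, not its actual code.

```python
import html
import re
from urllib.parse import unquote_plus

# Patterns copied from the page's rules. "invoiceids" is left out because the
# page only has a t:hexDecode rule for it; "database_name" is the page's placeholder.
KEYWORDS = [
    "tbladmins", "tblclients", "tblhosting", "tblservers", "tbltickets",
    "tblregistrars", "tblcontacts", "tblemails", "tblinvoices", "tblorders",
    "tblpaymentgateways", "tblverificationdata", "tblgatewaylog",
    "tbldomains", "tbladminlog", "tblaccounts", "database_name",
    "outfile", "aes_encrypt", "tablejoin",
]

def normalize(value):
    """Approximate the chain of the rules without t:hexDecode (assumption:
    Python stand-ins, not ModSecurity's own transformation code)."""
    value = unquote_plus(value)                                  # ~ t:urlDecodeUni
    value = html.unescape(value)                                 # ~ t:htmlEntityDecode
    value = re.sub(r"/\*.*?(?:\*/|\Z)", " ", value, flags=re.S)  # ~ t:replaceComments
    value = re.sub(r"\s+", " ", value)                           # ~ t:compressWhiteSpace
    return value.lower()                                         # t:lowercase

def matched_keywords(value):
    """Return the page's patterns found anywhere in the normalized value."""
    normalized = normalize(value)
    return [k for k in KEYWORDS if k in normalized]

# Constructed sample values (not taken from real traffic).
SAMPLES = {
    "mixed case, URL-encoded": "x=%74bl%41dmins",
    "HTML entity": "x=tbl&#99;lients",
    "ordinary ticket text": "message=Please+save+the+report+to+an+outfile",
    "unrelated request": "subject=Invoice+question",
}

def audit(samples):
    """Map each sample label to the patterns that would cause a deny."""
    return {label: matched_keywords(v) for label, v in samples.items()}

if __name__ == "__main__":
    for label, hits in audit(SAMPLES).items():
        print(f"{label:26} -> {'DENY ' + ','.join(hits) if hits else 'pass'}")
```

Because the rules match a substring anywhere in the URI, arguments or body, ordinary text such as a ticket that mentions "outfile" is denied as well; running representative legitimate requests through a check like this shows where the rules would block normal use.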
You can also use the Comodo WAF plugin alongside these rules. In the next tutorial, I will discuss how to stop brute-force and xmlrpc.php attacks on WordPress.
Thanks a lot for the information brother. 🙂